Problem description
I am exploring the i.MX53 QSB and the TrustZone extension. I have run an OS in the secure world from the U-Boot bootloader. Now I am in the secure world. I have three questions:
- The first question is: when should I share memory and interrupts between the secure and normal worlds?
- The second is: how can I move to the normal world, in order to run a rich OS on it?
- The third question concerns the monitor mode code: where should I write it? Is it a kernel module in the secure world?
Memory sharing depends on your system requirements/design. It is possible to use the smc to only use registers to share information. No one can give a generic answer on memory sharing.
It rarely makes sense to share interrupts. You would need a driver in both worlds. The whole point of TrustZone is to partition hardware.
Some hardware is TrustZone aware, i.e., it can change its register set/view based on what world is executing. Generally, this hardware only has an interrupt for one world or a separate interrupt number. If you do not have a device that is TrustZone aware, this is probably a foolish thing to try.
Well, this is fairly simple when you have a monitor mode. So, from the secure boot (maybe a secure OS task/thread):
- Load the normal world OS to memory.
- Set up the monitor mode stack and other contexts; monitor mode will need a memory buffer to store world contexts.
- Switch to monitor mode.
- Set up memory partitioning (initially allow everything for the normal world).
- Change the NS bit to set normal world CP15.
- Configure CP15 registers as per boot default. Many OSs will expect that they are booting as per normal. Most TrustZone CPUs do not set up the normal world CP15 registers by default.
- Mask interrupts, turn off cache, etc. as required to boot the normal OS.
- With the NS bit still set, do a world switch.
The world switch is dependent on your system design. If the secure world OS only used registers R0-R12, the instructions might be like:

    # NS bit is set.
    msr spsr_fsxc, lr        # mon_lr contains normal world mode, etc.
    ldm sp, {r0 - r12, pc}^  # monitor 'sp' is a context pointer.

The ldm rX, {xxx, pc}^ will do a mode switch. The monitor 'sp' could have 13 zeros (for r0-r12) and then a normal world entry point for the 'PC'. The monitor 'lr' would have the starting mode (interrupts masked, etc.) for the normal world.
NOTE: This is a simple example and it is not meant for your particular OS. It is only conceptual. Specifics depend on specific normal/secure world OS requirements. Typically, you need to do all the things a boot loader would do for that platform/OS without TrustZone. As well, you need to initialize all registers in all modes. You may not care about registers the secure world doesn't use (NEON/VFP) and leave them as per boot defaults; this is more true for actual 'world switch' code.
Monitor mode will always USE the CP15 registers of the secure world. This implies monitor mode has the MMU view, cache, etc. of the secure OS. When the 'NS' bit is set and monitor mode does an mcr or mrc, it is setting the normal world registers. Well, technically it could be 'separate'; there will probably be a lot of interaction between the secure OS and the monitor. Again, it depends on specifics. There are many types of OSs (or world contexts):
- Polling mode
- Non-preemptive
- Pre-emptive
You have permutations of the above for both the secure and normal world and the world switch handling will depend on the requirement of both. For the most complex case (Pre-emptive secure/normal), you need integration of schedulers which is OS dependent.
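The boot-to-normal-world steps and the ldm world switch from the answer above, put together as one added example. This is not code from the original answer, the i.MX53 BSP or any project; it assumes GNU assembler syntax for an ARMv7-A core (the i.MX53 is a Cortex-A8), that the normal-world OS image is already in RAM with its entry address passed in r0, that the code is entered from a Secure privileged mode, and a hypothetical platform_open_memory_to_normal_world hook standing in for the SoC-specific memory partitioning. The register encodings (SCR, MVBAR, NSACR, SCTLR, VBAR) are the architectural ones.

```asm
@ Added example (not from the original answer): a minimal secure-world boot
@ sequence that enters Monitor mode, sets SCR.NS, puts the normal-world CP15
@ state at boot defaults and does the world switch with "ldm sp, {r0-r12, pc}^".
@ Assumptions: GNU as, ARMv7-A (Cortex-A8), normal-world entry point in r0,
@ entered from a Secure privileged mode. platform_open_memory_to_normal_world
@ is a hypothetical hook for the SoC-specific memory partitioning.

        .syntax unified
        .arm
        .cpu    cortex-a8

        .equ    MODE_SVC,    0x13
        .equ    MODE_MON,    0x16
        .equ    PSR_I,       0x80          @ IRQ masked
        .equ    PSR_F,       0x40          @ FIQ masked
        .equ    SCR_NS,      (1 << 0)      @ SCR.NS: select Non-secure banked copies
        .equ    SCR_IRQ,     (1 << 1)      @ SCR.IRQ: take IRQs to Monitor mode
        .equ    SCR_FIQ,     (1 << 2)      @ SCR.FIQ: take FIQs to Monitor mode
        .equ    SCTLR_M,     (1 << 0)      @ MMU enable
        .equ    SCTLR_C,     (1 << 2)      @ data cache enable
        .equ    SCTLR_I,     (1 << 12)     @ instruction cache enable
        .equ    NSACR_CP10,  (1 << 10)     @ Non-secure access to cp10 (VFP/NEON)
        .equ    NSACR_CP11,  (1 << 11)     @ Non-secure access to cp11 (VFP/NEON)

        .text
        .global boot_normal_world
        .type   boot_normal_world, %function

@ void boot_normal_world(uintptr_t ns_entry) -- never returns
boot_normal_world:
        mov     r4, r0                       @ keep the normal-world entry point

        @ Monitor vectors belong to the secure world: install them, then enter
        @ Monitor mode (CPS to Monitor is only allowed from a Secure privileged mode).
        ldr     r0, =monitor_vectors
        mcr     p15, 0, r0, c12, c0, 1       @ MVBAR
        cps     #MODE_MON
        ldr     sp, =monitor_stack_top       @ sp_mon: Monitor mode's own stack

        @ Context the final ldm consumes: 13 zeros for r0-r12, then pc = entry.
        @ (A Linux zImage would instead want r0=0, r1=machine type, r2=DTB/ATAGs
        @ address in the first three slots.)
        ldr     r1, =ns_context
        mov     r2, #0
        mov     r3, #13
1:      str     r2, [r1], #4
        subs    r3, r3, #1
        bne     1b
        str     r4, [r1]

        @ Memory partitioning: initially let the normal world see everything.
        @ SoC specific; hypothetical hook with a weak no-op default below.
        bl      platform_open_memory_to_normal_world

        @ Let the normal world use VFP/NEON. NSACR is Secure-only, and Monitor
        @ mode is always Secure, so write it before flipping NS.
        mrc     p15, 0, r0, c1, c1, 2
        orr     r0, r0, #(NSACR_CP10 | NSACR_CP11)
        mcr     p15, 0, r0, c1, c1, 2

        @ Set SCR.NS: from here on, Monitor-mode CP15 accesses to banked
        @ registers hit the Non-secure copies. IRQ/FIQ stay with the normal
        @ world for this simple boot (set SCR_IRQ/SCR_FIQ to route them here).
        mrc     p15, 0, r0, c1, c1, 0
        orr     r0, r0, #SCR_NS
        bic     r0, r0, #(SCR_IRQ | SCR_FIQ)
        mcr     p15, 0, r0, c1, c1, 0
        isb

        @ Normal-world CP15 at boot defaults: MMU and caches off, vectors at 0.
        mrc     p15, 0, r0, c1, c0, 0        @ SCTLR (Non-secure copy)
        bic     r0, r0, #(SCTLR_M | SCTLR_C)
        bic     r0, r0, #SCTLR_I
        mcr     p15, 0, r0, c1, c0, 0
        mov     r0, #0
        mcr     p15, 0, r0, c12, c0, 0       @ VBAR (Non-secure copy)
        isb

        @ World switch: spsr_mon = normal-world entry CPSR (SVC, IRQ/FIQ masked,
        @ ARM state), sp_mon = context pointer; the exception-return form of ldm
        @ loads r0-r12 and pc and copies spsr_mon into cpsr.
        mov     lr, #(MODE_SVC | PSR_I | PSR_F)
        msr     spsr_fsxc, lr
        ldr     sp, =ns_context
        ldm     sp, {r0-r12, pc}^

@ Weak default for the hypothetical hook: a real port programs the SoC's
@ TrustZone address-space controllers here.
        .weak   platform_open_memory_to_normal_world
platform_open_memory_to_normal_world:
        bx      lr

@ Monitor vector table (MVBAR target, 32-byte aligned). The SMC handler just
@ returns to the caller in the world it came from; a real monitor would reload
@ sp_mon and save/restore per-world context here.
        .balign 32
monitor_vectors:
        b       .                            @ 0x00 reset (not used)
        b       .                            @ 0x04 undefined (not taken to Monitor)
        b       smc_handler                  @ 0x08 SMC
        b       .                            @ 0x0C prefetch abort (if SCR.EA)
        b       .                            @ 0x10 data abort (if SCR.EA)
        b       .                            @ 0x14 reserved
        b       .                            @ 0x18 IRQ (if SCR.IRQ)
        b       .                            @ 0x1C FIQ (if SCR.FIQ)

smc_handler:
        movs    pc, lr                       @ return; cpsr restored from spsr_mon

        .bss
        .balign 8
ns_context:
        .space  14 * 4                       @ r0-r12 + pc
monitor_stack:
        .space  256
monitor_stack_top:
```

The order matters: NSACR and MVBAR are written while SCR.NS is still clear, the Non-secure SCTLR/VBAR copies are written only after NS is set, and the ISB after each SCR write makes the new banking visible before the next CP15 access. Because Monitor mode keeps using the secure world's MMU and caches, the context buffer is read with the secure translation regardless of NS; the normal world never needs to see it.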